Pycrypto - active ??

dirvine irvine.david at gmail.com
Sun Mar 19 22:39:58 CET 2006


Does anyone know if pycrypto is active at all. I have been browsing
groups etc. for some info and have found entries from 2003 (latest)
regarding some bits I was looking for in particular reference to
symmetrical encoding (AES) and auto padding and supply or not of iv to
set up method i.e

from Crypto.Cipher import AES
from Crypto.Hash import SHA256
import random
import zlib
s = SHA256.new()
s.update('secret')
key = s.digest()
x = AES.new(key, AES.MODE_CBC) #  should be (key,AES.MODE_CBC,iv)

iv should according to docs (which also look very old) should be a
random number equal to the size of data blocks (in CBC or EBC). Does
anyone know if by not supplying iv - is the data secure or not ??

Auto iv and auto padding would help this project a lot but unknown as
to whether they exist. I may be missing an important point here though
- so correct me where you will.

It would appear to be a great shame if pyCrypto has stalled or not
taken on board more seriously, there's great talk of implementing TLS,
SSL etc. in the lists but little support of this visible in code or
docs. The docs examples don't exist in code but getting them from ATTIC
in cvs shows they are not stable, possibly not secure and not
representative of the code now (and that's a couple of years ago)


as an aside I have found a way to pad and remove padding at decrypt is
quite simple, use zlib.compress ->  pad -> encrypt
then
decrypt -> zlib.decompress and its just your data minus padding.




More information about the Python-list mailing list